From patchwork Thu Oct 15 21:46:29 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Satya Tangirala X-Patchwork-Id: 11840213 Return-Path: Received: from mail.kernel.org (pdx-korg-mail-1.web.codeaurora.org [172.30.200.123]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 1503D14B4 for ; Thu, 15 Oct 2020 21:46:47 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id D3DAA20776 for ; Thu, 15 Oct 2020 21:46:46 +0000 (UTC) Authentication-Results: mail.kernel.org; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b="erKXgeEJ" Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1731522AbgJOVqp (ORCPT ); Thu, 15 Oct 2020 17:46:45 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:40308 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1731432AbgJOVqo (ORCPT ); Thu, 15 Oct 2020 17:46:44 -0400 Received: from mail-pg1-x549.google.com (mail-pg1-x549.google.com [IPv6:2607:f8b0:4864:20::549]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 29FAEC0613D3 for ; Thu, 15 Oct 2020 14:46:41 -0700 (PDT) Received: by mail-pg1-x549.google.com with SMTP id j17so173848pgj.10 for ; Thu, 15 Oct 2020 14:46:41 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20161025; h=sender:date:in-reply-to:message-id:mime-version:references:subject :from:to:cc; bh=ch6nvSub6LPLhqFDO+1Ngo8vwhJFQ7f44Mxixhhd0C0=; b=erKXgeEJdd65aOt7EvfIQrxEVMZDG6HulO74oHjfoANkWKvJnE49mXrq+Hsptz3+Ga FxTzPcfQyOceq3aIFKmQSMq5SSM0AgEtQ7K34yAU/dBuPTorhKqCxpI2iO9EWwXi/Bt/ +uRsCiu8JT9QqCuMPIxooBMbVg2Ufs/lmX9nFS1zqJpr81ZwA8hQrgcB6V2+T4JbUYEi SrH4a1yeX+iE3V11cxOaHeaLHrNQtRZ52oCRqKocsGHY+9GZnJJZwy2Sg0f2Bfygwev+ yfKVoSDTZARjHUj2javmg2ADI3z8nFeVKPtCDc1lJ6Qi6t382sWcsB2cBKiL4+77SqOV AfSw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:sender:date:in-reply-to:message-id:mime-version :references:subject:from:to:cc; bh=ch6nvSub6LPLhqFDO+1Ngo8vwhJFQ7f44Mxixhhd0C0=; b=armpjGbLM/nKrzlJbcF10JTARhxZQhQmig0LtXiX9Ls+WYL/Q745NCRUPPOUTOKFXg jwDwFb20tjTHQzTeeRr+x8a0KGg/zC59PiZrEVmzQBgGBEdKCduhG/SkFgzEhCpUWhwS p9g1vn0D6A3OJDlIpSqg4RX3ZKnTkyJHKXl7BuoUAp6p4Gt7/lJYWkogjlzxVtal78an iCHsIYN0if0pL4EfaybvaxWa10FWk3cgdrOXmIezEQME2tpbdEo/8Z5N4KJjiWtjs+GF c/ddThtYnfZdOH0clafKqPuzCldhZb7W7/uzkkHZ/EmSpWX5eDUTOljB3Fj2nlu+m7Ag UEDw== X-Gm-Message-State: AOAM530YL7S+JAa2IUqtBilN/UjMXWNCZ39EnOkc9h58OBPdmc8imgrl aplVZbq2CFGqdISAPUsDmPSq3GozdWIKDF0cGi04NbNJydP4Y1blknsam2PGTdLN9DjHQTdOGYA EtAogkbw7+plw2c5xpMUbWFH+BYwZMVf8maB+1KsI51J3toVghFI7ttl3rW8l7CKwEeaG X-Google-Smtp-Source: ABdhPJwhx2toIgFmDseGxQzGpK/2t4Kas5iEEhvkp2rHiVYQV9LBIlyMLStzdPkzAQOknVMMz1/GU/4rMHk= Sender: "satyat via sendgmr" X-Received: from satyaprateek.c.googlers.com ([fda3:e722:ac3:10:24:72f4:c0a8:1092]) (user=satyat job=sendgmr) by 2002:a17:90a:940c:: with SMTP id r12mr78628pjo.1.1602798400036; Thu, 15 Oct 2020 14:46:40 -0700 (PDT) Date: Thu, 15 Oct 2020 21:46:29 +0000 In-Reply-To: <20201015214632.41951-1-satyat@google.com> Message-Id: <20201015214632.41951-2-satyat@google.com> Mime-Version: 1.0 References: <20201015214632.41951-1-satyat@google.com> X-Mailer: git-send-email 2.29.0.rc1.297.gfa9743e501-goog Subject: [PATCH v2 1/4] block: keyslot-manager: Introduce passthrough keyslot manager From: Satya Tangirala To: linux-block@vger.kernel.org, linux-kernel@vger.kernel.org, dm-devel@redhat.com Cc: Jens Axboe , Alasdair Kergon , Mike Snitzer , Eric Biggers , Satya Tangirala Precedence: bulk List-ID: X-Mailing-List: linux-block@vger.kernel.org The device mapper may map over devices that have inline encryption capabilities, and to make use of those capabilities, the DM device must itself advertise those inline encryption capabilities. One way to do this would be to have the DM device set up a keyslot manager with a "sufficiently large" number of keyslots, but that would use a lot of memory. Also, the DM device itself has no "keyslots", and it doesn't make much sense to talk about "programming a key into a DM device's keyslot manager", so all that extra memory used to represent those keyslots is just wasted. All a DM device really needs to be able to do is advertise the crypto capabilities of the underlying devices in a coherent manner and expose a way to evict keys from the underlying devices. There are also devices with inline encryption hardware that do not have a limited number of keyslots. One can send a raw encryption key along with a bio to these devices (as opposed to typical inline encryption hardware that require users to first program a raw encryption key into a keyslot, and send the index of that keyslot along with the bio). These devices also only need the same things from the keyslot manager that DM devices need - a way to advertise crypto capabilities and potentially a way to expose a function to evict keys from hardware. So we introduce a "passthrough" keyslot manager that provides a way to represent a keyslot manager that doesn't have just a limited number of keyslots, and for which do not require keys to be programmed into keyslots. DM devices can set up a passthrough keyslot manager in their request queues, and advertise appropriate crypto capabilities based on those of the underlying devices. Blk-crypto does not attempt to program keys into any keyslots in the passthrough keyslot manager. Instead, if/when the bio is resubmitted to the underlying device, blk-crypto will try to program the key into the underlying device's keyslot manager. Signed-off-by: Satya Tangirala Reviewed-by: Eric Biggers --- block/keyslot-manager.c | 41 +++++++++++++++++++++++++++++++++ include/linux/keyslot-manager.h | 2 ++ 2 files changed, 43 insertions(+) diff --git a/block/keyslot-manager.c b/block/keyslot-manager.c index 35abcb1ec051..5ad476dafeab 100644 --- a/block/keyslot-manager.c +++ b/block/keyslot-manager.c @@ -62,6 +62,11 @@ static inline void blk_ksm_hw_exit(struct blk_keyslot_manager *ksm) pm_runtime_put_sync(ksm->dev); } +static inline bool blk_ksm_is_passthrough(struct blk_keyslot_manager *ksm) +{ + return ksm->num_slots == 0; +} + /** * blk_ksm_init() - Initialize a keyslot manager * @ksm: The keyslot_manager to initialize. @@ -198,6 +203,10 @@ blk_status_t blk_ksm_get_slot_for_key(struct blk_keyslot_manager *ksm, int err; *slot_ptr = NULL; + + if (blk_ksm_is_passthrough(ksm)) + return BLK_STS_OK; + down_read(&ksm->lock); slot = blk_ksm_find_and_grab_keyslot(ksm, key); up_read(&ksm->lock); @@ -318,6 +327,16 @@ int blk_ksm_evict_key(struct blk_keyslot_manager *ksm, struct blk_ksm_keyslot *slot; int err = 0; + if (blk_ksm_is_passthrough(ksm)) { + if (ksm->ksm_ll_ops.keyslot_evict) { + blk_ksm_hw_enter(ksm); + err = ksm->ksm_ll_ops.keyslot_evict(ksm, key, -1); + blk_ksm_hw_exit(ksm); + return err; + } + return 0; + } + blk_ksm_hw_enter(ksm); slot = blk_ksm_find_keyslot(ksm, key); if (!slot) @@ -353,6 +372,9 @@ void blk_ksm_reprogram_all_keys(struct blk_keyslot_manager *ksm) { unsigned int slot; + if (blk_ksm_is_passthrough(ksm)) + return; + /* This is for device initialization, so don't resume the device */ down_write(&ksm->lock); for (slot = 0; slot < ksm->num_slots; slot++) { @@ -394,3 +416,22 @@ void blk_ksm_unregister(struct request_queue *q) { q->ksm = NULL; } + +/** + * blk_ksm_init_passthrough() - Init a passthrough keyslot manager + * @ksm: The keyslot manager to init + * + * Initialize a passthrough keyslot manager. + * Called by e.g. storage drivers to set up a keyslot manager in their + * request_queue, when the storage driver wants to manage its keys by itself. + * This is useful for inline encryption hardware that doesn't have the concept + * of keyslots, and for layered devices. + * + * See blk_ksm_init() for more details about the parameters. + */ +void blk_ksm_init_passthrough(struct blk_keyslot_manager *ksm) +{ + memset(ksm, 0, sizeof(*ksm)); + init_rwsem(&ksm->lock); +} +EXPORT_SYMBOL_GPL(blk_ksm_init_passthrough); diff --git a/include/linux/keyslot-manager.h b/include/linux/keyslot-manager.h index 18f3f5346843..323e15dd6fa7 100644 --- a/include/linux/keyslot-manager.h +++ b/include/linux/keyslot-manager.h @@ -103,4 +103,6 @@ void blk_ksm_reprogram_all_keys(struct blk_keyslot_manager *ksm); void blk_ksm_destroy(struct blk_keyslot_manager *ksm); +void blk_ksm_init_passthrough(struct blk_keyslot_manager *ksm); + #endif /* __LINUX_KEYSLOT_MANAGER_H */ From patchwork Thu Oct 15 21:46:30 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Satya Tangirala X-Patchwork-Id: 11840215 Return-Path: Received: from mail.kernel.org (pdx-korg-mail-1.web.codeaurora.org [172.30.200.123]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 7047014B4 for ; Thu, 15 Oct 2020 21:46:51 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id 49D592084C for ; Thu, 15 Oct 2020 21:46:51 +0000 (UTC) Authentication-Results: mail.kernel.org; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b="LIY0DxS5" Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1731465AbgJOVqn (ORCPT ); Thu, 15 Oct 2020 17:46:43 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:40318 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1731436AbgJOVqn (ORCPT ); Thu, 15 Oct 2020 17:46:43 -0400 Received: from mail-qt1-x84a.google.com (mail-qt1-x84a.google.com [IPv6:2607:f8b0:4864:20::84a]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id F3391C0613D5 for ; Thu, 15 Oct 2020 14:46:42 -0700 (PDT) Received: by mail-qt1-x84a.google.com with SMTP id b12so161406qte.11 for ; Thu, 15 Oct 2020 14:46:42 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20161025; h=sender:date:in-reply-to:message-id:mime-version:references:subject :from:to:cc; bh=CuszbQJohiIvHkXMpAk7mXGLUK2ItD9Zlwxr1z+YlSA=; b=LIY0DxS58ce7g15m40GxdKtNbycLiavCNXrn7FERdEOefV5SeRcKNVs09L6wtROjDF kDBqIEu4LIIKCTQwVj8573cjlEtychr3869oD5MLX1HaV9sjxvXG8xr5AkMkOlGLpaHt pVpUgvCzATwuC4vLgE+YbM+ps8qUbSnK264/2GYNXEV/GYJ2HywQgXvMbAp+/LhC/FL2 5hh9M/DnZHI2daihOdbT72Ri4uHBGP344/pMueE3xyr5IxvzrkTVQ4vNCw5syAuVo8pa Cz90AXqMnyaBZjn5/hy5E/aTPiikqfj6llKrez0LOULYfA/+psOh4n6Un6p2QUBEmX8H Ok4g== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:sender:date:in-reply-to:message-id:mime-version :references:subject:from:to:cc; bh=CuszbQJohiIvHkXMpAk7mXGLUK2ItD9Zlwxr1z+YlSA=; b=rI4WziccqCCc2r3wkHSEWYoya0qvQZTiETsi9BWMiJZvzQyZvTZjneuXYGI1AWusqZ pP/Xw7k+mRuplAetTIc3IvQNuGScHhd2EByaHCuVRp/sMdon3asvsDWadcKOAk3CrsmE dLSpydRSV6KrKKuXRExWXVTtx29oz0ItCkLBKxGCQPcSosbwH6U3WrHwChzvNhNnJqvh Gu5CThgFooxaa/UHmwVio1pcHBSnH2Z5TyT/W6n0o31DjLyNFmI/dWZpsm4IIBQJjxhH R1WCotx2NDyiKVHLoXAiTAzpcKKT+WYIgu1hpgrfaqE1pFiCr0JB8pLvp/IX7UAbNARD 6gmg== X-Gm-Message-State: AOAM531W/7RSRaK9iPpHc8Zq549B97Faut9TWjcvbcM763+QOaQArg1W RzO2kS4veNHUkrnnbtvHNFFJ6SLT+B/U89BI2hyoWf/j6PDIU7tKqq/IlW4ivIgbYpw/U5no+rx COkc8wwRBn5zc6tTNj0Gzen6vJbYwf59yGlM12aDhjpgntQaCjdueWRlfEcgNmRWqmd4e X-Google-Smtp-Source: ABdhPJxDIXTV51KQvEl0aGhmJoIfbkr36Ss/aBbOvc7pJMXIifvVm6XNIb5m+VCXOc8ctnCHHV0RmeFKFEI= Sender: "satyat via sendgmr" X-Received: from satyaprateek.c.googlers.com ([fda3:e722:ac3:10:24:72f4:c0a8:1092]) (user=satyat job=sendgmr) by 2002:a0c:8246:: with SMTP id h64mr862689qva.54.1602798402108; Thu, 15 Oct 2020 14:46:42 -0700 (PDT) Date: Thu, 15 Oct 2020 21:46:30 +0000 In-Reply-To: <20201015214632.41951-1-satyat@google.com> Message-Id: <20201015214632.41951-3-satyat@google.com> Mime-Version: 1.0 References: <20201015214632.41951-1-satyat@google.com> X-Mailer: git-send-email 2.29.0.rc1.297.gfa9743e501-goog Subject: [PATCH v2 2/4] block: add private field to struct keyslot_manager From: Satya Tangirala To: linux-block@vger.kernel.org, linux-kernel@vger.kernel.org, dm-devel@redhat.com Cc: Jens Axboe , Alasdair Kergon , Mike Snitzer , Eric Biggers , Satya Tangirala Precedence: bulk List-ID: X-Mailing-List: linux-block@vger.kernel.org Add a (void *) pointer to struct keyslot_manager that the owner of the struct can use for any purpose it wants. Right now, the struct keyslot_manager is expected to be embedded directly into other structs (and the owner of the keyslot_manager would use container_of() to access any other data the owner needs). However, this might take up more space than is acceptable, and it would be better to be able to add only a pointer to a struct keyslot_manager into other structs rather than embed the entire struct directly. But container_of() can't be used when only the pointer to the keyslot_manager is embded. The primary motivation of this patch is to get around that issue. Signed-off-by: Satya Tangirala --- include/linux/keyslot-manager.h | 3 +++ 1 file changed, 3 insertions(+) diff --git a/include/linux/keyslot-manager.h b/include/linux/keyslot-manager.h index 323e15dd6fa7..37f1022b256f 100644 --- a/include/linux/keyslot-manager.h +++ b/include/linux/keyslot-manager.h @@ -59,6 +59,9 @@ struct blk_keyslot_manager { /* Device for runtime power management (NULL if none) */ struct device *dev; + /* Private data for owner */ + void *priv; + /* Here onwards are *private* fields for internal keyslot manager use */ unsigned int num_slots; From patchwork Thu Oct 15 21:46:31 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Satya Tangirala X-Patchwork-Id: 11840217 Return-Path: Received: from mail.kernel.org (pdx-korg-mail-1.web.codeaurora.org [172.30.200.123]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 96F9517CA for ; Thu, 15 Oct 2020 21:46:56 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id 5B5392076E for ; Thu, 15 Oct 2020 21:46:56 +0000 (UTC) Authentication-Results: mail.kernel.org; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b="Su4wRPph" Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1731552AbgJOVqz (ORCPT ); Thu, 15 Oct 2020 17:46:55 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:40326 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1731510AbgJOVqp (ORCPT ); Thu, 15 Oct 2020 17:46:45 -0400 Received: from mail-yb1-xb49.google.com (mail-yb1-xb49.google.com [IPv6:2607:f8b0:4864:20::b49]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 0A412C0613CF for ; Thu, 15 Oct 2020 14:46:45 -0700 (PDT) Received: by mail-yb1-xb49.google.com with SMTP id r75so547889ybc.20 for ; Thu, 15 Oct 2020 14:46:45 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20161025; h=sender:date:in-reply-to:message-id:mime-version:references:subject :from:to:cc; bh=Xpv963PJoR/Q9u54qgIX7lQfjSvh4ubpqrXt/Pc8BU0=; b=Su4wRPphTCrlbOf0Twbj6JK5xBjftH+HlspeG8WiApQFV9dQsR80hEBEX5K50HJWYJ gEas0QMd0ygwjFkXpAJ4sQp3L05LEeALEYJqxtVkG210Q4ngfSAMyQ6cKHP/PQz4yNCh WGd38wdYNlhlImJVIkl1EThuSL6loIrwbVSmtiUf+ql/ElkMsJ0XlikHECKWBMjK5T6n eRUhMF/uhX73Znt+X+x1XAKqEwEjmnniL6snvele/CZ1WTfOBbzHvTq2UJiV39kuSkvE pOPbnvP71Xb9Kcv+WBiU5Q6c7lal531Dve0vf3yA2nhkGWImDj8Lnb9VZ20Mo1wgfrPD WuNw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:sender:date:in-reply-to:message-id:mime-version :references:subject:from:to:cc; bh=Xpv963PJoR/Q9u54qgIX7lQfjSvh4ubpqrXt/Pc8BU0=; b=V5vg56rCSSkl2KuQyKf+7ETFLxEFoCCogRDNce6uHYK/uB168Wzb1c54uWm6B4fyMd Oj2TaWkgrIcynl0DgD8XqYIFR0Wt+I/busdSNe9dQ/CMZzTlKnrY5Ss35cgNOu1b/P3m 1P53wLFD9ygIoIGhUpqRdL2bJy+KnVuYvNdx0TWPVysWx5NT3ueQGL0eplCSl27NDw7X YaSuO/ZQoWmfKnxyPqZPtchlh/vAwGDfa5mzHuKzyRlRSm7tlwZ8RLD5/C8nUgVL8WxR a8bT1w46hHzU9Vw+afuGLVXrWAG7DtXpY9XIQLt9+3ftV+Bjgg9jGXrrN/QH6YXx1HfF SZ2A== X-Gm-Message-State: AOAM533Ft53tTGUZKBCfG33kUGL/r4k4c5n6t5KEaNr8WImNwOr7PSXi pDm2DhJFgSf9i7Ew6QTurW+XUV7fbXSqCYUSmMmrT61j/3+aQ52H326F3F1n0lkQDLCRQNQsK2L /OOzg0KUpBIawvcDD90ksJMW7phYoEtakaVADcZyc4uy5T3/4MbyiLPuNQ8BbqK6YKY2u X-Google-Smtp-Source: ABdhPJxK+5fYwBvzgWRN7AaEe1trxo3iT7pOH1LISxoJKM04a6kzs6z031Ebk8WaNSI5syNgC+EIXnB0goM= Sender: "satyat via sendgmr" X-Received: from satyaprateek.c.googlers.com ([fda3:e722:ac3:10:24:72f4:c0a8:1092]) (user=satyat job=sendgmr) by 2002:a25:909:: with SMTP id 9mr654744ybj.460.1602798404092; Thu, 15 Oct 2020 14:46:44 -0700 (PDT) Date: Thu, 15 Oct 2020 21:46:31 +0000 In-Reply-To: <20201015214632.41951-1-satyat@google.com> Message-Id: <20201015214632.41951-4-satyat@google.com> Mime-Version: 1.0 References: <20201015214632.41951-1-satyat@google.com> X-Mailer: git-send-email 2.29.0.rc1.297.gfa9743e501-goog Subject: [PATCH v2 3/4] dm: add support for passing through inline crypto support From: Satya Tangirala To: linux-block@vger.kernel.org, linux-kernel@vger.kernel.org, dm-devel@redhat.com Cc: Jens Axboe , Alasdair Kergon , Mike Snitzer , Eric Biggers , Satya Tangirala Precedence: bulk List-ID: X-Mailing-List: linux-block@vger.kernel.org Update the device-mapper core to support exposing the inline crypto support of the underlying device(s) through the device-mapper device. This works by creating a "passthrough keyslot manager" for the dm device, which declares support for encryption settings which all underlying devices support. When a supported setting is used, the bio cloning code handles cloning the crypto context to the bios for all the underlying devices. When an unsupported setting is used, the blk-crypto fallback is used as usual. Crypto support on each underlying device is ignored unless the corresponding dm target opts into exposing it. This is needed because for inline crypto to semantically operate on the original bio, the data must not be transformed by the dm target. Thus, targets like dm-linear can expose crypto support of the underlying device, but targets like dm-crypt can't. (dm-crypt could use inline crypto itself, though.) When a key is evicted from the dm device, it is evicted from all underlying devices. A DM device's table can only be changed if the "new" inline encryption capabilities are a superset of the "old" inline encryption capabilities. Attempts to make changes to the table that result in some inline encryption capability becoming no longer supported will be rejected. Co-developed-by: Eric Biggers Signed-off-by: Eric Biggers Signed-off-by: Satya Tangirala Reported-by: kernel test robot --- block/blk-crypto.c | 1 + block/keyslot-manager.c | 89 +++++++++++++ drivers/md/dm-ioctl.c | 8 ++ drivers/md/dm.c | 217 +++++++++++++++++++++++++++++++- drivers/md/dm.h | 19 +++ include/linux/device-mapper.h | 6 + include/linux/keyslot-manager.h | 17 +++ 7 files changed, 356 insertions(+), 1 deletion(-) diff --git a/block/blk-crypto.c b/block/blk-crypto.c index 5da43f0973b4..c2be8f15006c 100644 --- a/block/blk-crypto.c +++ b/block/blk-crypto.c @@ -409,3 +409,4 @@ int blk_crypto_evict_key(struct request_queue *q, */ return blk_crypto_fallback_evict_key(key); } +EXPORT_SYMBOL_GPL(blk_crypto_evict_key); diff --git a/block/keyslot-manager.c b/block/keyslot-manager.c index 5ad476dafeab..e16e4a074765 100644 --- a/block/keyslot-manager.c +++ b/block/keyslot-manager.c @@ -416,6 +416,95 @@ void blk_ksm_unregister(struct request_queue *q) { q->ksm = NULL; } +EXPORT_SYMBOL_GPL(blk_ksm_unregister); + +/** + * blk_ksm_intersect_modes() - restrict supported modes by child device + * @parent: The keyslot manager for parent device + * @child: The keyslot manager for child device, or NULL + * + * Clear any crypto mode support bits in @parent that aren't set in @child. + * If @child is NULL, then all parent bits are cleared. + * + * Only use this when setting up the keyslot manager for a layered device, + * before it's been exposed yet. + */ +void blk_ksm_intersect_modes(struct blk_keyslot_manager *parent, + const struct blk_keyslot_manager *child) +{ + if (child) { + unsigned int i; + + parent->max_dun_bytes_supported = + min(parent->max_dun_bytes_supported, + child->max_dun_bytes_supported); + for (i = 0; i < ARRAY_SIZE(child->crypto_modes_supported); + i++) { + parent->crypto_modes_supported[i] &= + child->crypto_modes_supported[i]; + } + } else { + parent->max_dun_bytes_supported = 0; + memset(parent->crypto_modes_supported, 0, + sizeof(parent->crypto_modes_supported)); + } +} +EXPORT_SYMBOL_GPL(blk_ksm_intersect_modes); + +/** + * blk_ksm_is_superset() - Check if a KSM supports a superset of crypto modes + * and DUN bytes that another KSM supports. + * @ksm_superset: The KSM that we want to verify is a superset + * @ksm_subset: The KSM that we want to verify is a subset + * + * Return: True if @ksm_superset supports a superset of the crypto modes and DUN + * bytes that @ksm_subset supports. + */ +bool blk_ksm_is_superset(struct blk_keyslot_manager *ksm_superset, + struct blk_keyslot_manager *ksm_subset) +{ + int i; + + if (!ksm_subset) + return true; + + if (!ksm_superset) + return false; + + for (i = 0; i < ARRAY_SIZE(ksm_superset->crypto_modes_supported); i++) { + if (ksm_subset->crypto_modes_supported[i] & + (~ksm_superset->crypto_modes_supported[i])) { + return false; + } + } + + if (ksm_subset->max_dun_bytes_supported > + ksm_superset->max_dun_bytes_supported) { + return false; + } + + return true; +} +EXPORT_SYMBOL_GPL(blk_ksm_is_superset); + +/** + * blk_ksm_update_capabilities() - Update the restrictions of a KSM to those of + * another KSM + * @target_ksm: The KSM whose restrictions to update. + * @reference_ksm: The KSM to whose restrictions this function will update + * @target_ksm's restrictions to, + */ +void blk_ksm_update_capabilities(struct blk_keyslot_manager *target_ksm, + struct blk_keyslot_manager *reference_ksm) +{ + memcpy(target_ksm->crypto_modes_supported, + reference_ksm->crypto_modes_supported, + sizeof(target_ksm->crypto_modes_supported)); + + target_ksm->max_dun_bytes_supported = + reference_ksm->max_dun_bytes_supported; +} +EXPORT_SYMBOL_GPL(blk_ksm_update_capabilities); /** * blk_ksm_init_passthrough() - Init a passthrough keyslot manager diff --git a/drivers/md/dm-ioctl.c b/drivers/md/dm-ioctl.c index cd0478d44058..2b3efa9f9fae 100644 --- a/drivers/md/dm-ioctl.c +++ b/drivers/md/dm-ioctl.c @@ -1358,6 +1358,10 @@ static int table_load(struct file *filp, struct dm_ioctl *param, size_t param_si goto err_unlock_md_type; } + r = dm_verify_inline_encryption(md, t); + if (r) + goto err_unlock_md_type; + if (dm_get_md_type(md) == DM_TYPE_NONE) { /* Initial table load: acquire type of table. */ dm_set_md_type(md, dm_table_get_type(t)); @@ -2114,6 +2118,10 @@ int __init dm_early_create(struct dm_ioctl *dmi, if (r) goto err_destroy_table; + r = dm_verify_inline_encryption(md, t); + if (r) + goto err_destroy_table; + md->type = dm_table_get_type(t); /* setup md->queue to reflect md's type (may block) */ r = dm_setup_md_queue(md, t); diff --git a/drivers/md/dm.c b/drivers/md/dm.c index c18fc2548518..22bb2c90583d 100644 --- a/drivers/md/dm.c +++ b/drivers/md/dm.c @@ -28,6 +28,7 @@ #include #include #include +#include #define DM_MSG_PREFIX "core" @@ -1721,6 +1722,8 @@ static const struct dax_operations dm_dax_ops; static void dm_wq_work(struct work_struct *work); +static void dm_destroy_inline_encryption(struct mapped_device *md); + static void cleanup_mapped_device(struct mapped_device *md) { if (md->wq) @@ -1742,8 +1745,10 @@ static void cleanup_mapped_device(struct mapped_device *md) put_disk(md->disk); } - if (md->queue) + if (md->queue) { + dm_destroy_inline_encryption(md); blk_cleanup_queue(md->queue); + } cleanup_srcu_struct(&md->io_barrier); @@ -1949,6 +1954,206 @@ static void event_callback(void *context) dm_issue_global_event(); } +#ifdef CONFIG_BLK_INLINE_ENCRYPTION + +struct dm_keyslot_evict_args { + const struct blk_crypto_key *key; + int err; +}; + +static int dm_keyslot_evict_callback(struct dm_target *ti, struct dm_dev *dev, + sector_t start, sector_t len, void *data) +{ + struct dm_keyslot_evict_args *args = data; + int err; + + err = blk_crypto_evict_key(bdev_get_queue(dev->bdev), args->key); + if (!args->err) + args->err = err; + /* Always try to evict the key from all devices. */ + return 0; +} + +/* + * When an inline encryption key is evicted from a device-mapper device, evict + * it from all the underlying devices. + */ +static int dm_keyslot_evict(struct blk_keyslot_manager *ksm, + const struct blk_crypto_key *key, unsigned int slot) +{ + struct mapped_device *md = ksm->priv; + struct dm_keyslot_evict_args args = { key }; + struct dm_table *t; + int srcu_idx; + int i; + struct dm_target *ti; + + t = dm_get_live_table(md, &srcu_idx); + if (!t) + return 0; + for (i = 0; i < dm_table_get_num_targets(t); i++) { + ti = dm_table_get_target(t, i); + if (!ti->type->iterate_devices) + continue; + ti->type->iterate_devices(ti, dm_keyslot_evict_callback, &args); + } + dm_put_live_table(md, srcu_idx); + return args.err; +} + +static struct blk_ksm_ll_ops dm_ksm_ll_ops = { + .keyslot_evict = dm_keyslot_evict, +}; + +static int device_intersect_crypto_modes(struct dm_target *ti, + struct dm_dev *dev, sector_t start, + sector_t len, void *data) +{ + struct blk_keyslot_manager *parent = data; + struct blk_keyslot_manager *child = bdev_get_queue(dev->bdev)->ksm; + + blk_ksm_intersect_modes(parent, child); + return 0; +} + +/* + * Constructs and returns a keyslot manager that represents the crypto + * capabilities of the devices described by the dm_table. However, if the + * constructed keyslot manager does not support a superset of the crypto + * capabilities supported by the currect keyslot manager of the mapped_device, + * it returns an error instead, since we don't support restricting crypto + * capabilities on table changes. + */ +static struct blk_keyslot_manager * +dm_init_inline_encryption(struct mapped_device *md, struct dm_table *t) +{ + struct blk_keyslot_manager *ksm; + struct dm_target *ti; + unsigned int i; + + ksm = kmalloc(sizeof(*ksm), GFP_KERNEL); + if (!ksm) + return ERR_PTR(-EINVAL); + blk_ksm_init_passthrough(ksm); + ksm->ksm_ll_ops = dm_ksm_ll_ops; + ksm->max_dun_bytes_supported = UINT_MAX; + memset(ksm->crypto_modes_supported, 0xFF, + sizeof(ksm->crypto_modes_supported)); + ksm->priv = md; + + for (i = 0; i < dm_table_get_num_targets(t); i++) { + ti = dm_table_get_target(t, i); + + if (!ti->may_passthrough_inline_crypto) { + blk_ksm_intersect_modes(ksm, NULL); + break; + } + if (!ti->type->iterate_devices) + continue; + ti->type->iterate_devices(ti, device_intersect_crypto_modes, + ksm); + } + + if (!blk_ksm_is_superset(ksm, md->queue->ksm)) { + DMWARN("Inline encryption capabilities of new DM table were more restrictive than the old table's. This is not supported!"); + blk_ksm_destroy(ksm); + return ERR_PTR(-EOPNOTSUPP); + } + + return ksm; +} + +/** + * dm_verify_inline_encryption() - Verifies that the current keyslot manager of + * the mapped_device can be replaced by the + * keyslot manager of a given dm_table. + * @md: The mapped_device + * @t: The dm_table + * + * In particular, this function checks that the keyslot manager that will be + * constructed for the dm_table will support a superset of the capabilities that + * the current keyslot manager of the mapped_device supports. + * + * Return: 0 if the table's keyslot_manager can replace the current keyslot + * manager of the mapped_device. Negative value otherwise. + */ +int dm_verify_inline_encryption(struct mapped_device *md, struct dm_table *t) +{ + struct blk_keyslot_manager *ksm = dm_init_inline_encryption(md, t); + + if (IS_ERR(ksm)) + return PTR_ERR(ksm); + blk_ksm_destroy(ksm); + + return 0; +} + +static void dm_update_keyslot_manager(struct mapped_device *md, + struct blk_keyslot_manager *ksm) +{ + bool ksm_is_empty = true; + int i; + + /* + * If the new KSM doesn't actually support any crypto modes, we may as + * well set a NULL ksm. + */ + ksm_is_empty = true; + for (i = 0; i < ARRAY_SIZE(ksm->crypto_modes_supported); i++) { + if (ksm->crypto_modes_supported[i]) { + ksm_is_empty = false; + break; + } + } + + if (ksm_is_empty) { + blk_ksm_destroy(ksm); + + /* At this point, md->queue->ksm must also be NULL, since we're + * guaranteed that ksm is a superset of md->queue->ksm, and we + * never set md->queue->ksm to a non-null empty ksm. + */ + if (WARN_ON(md->queue->ksm)) + blk_ksm_register(NULL, md->queue); + return; + } + + /* Make the ksm less restrictive */ + if (!md->queue->ksm) { + blk_ksm_register(ksm, md->queue); + } else { + blk_ksm_update_capabilities(md->queue->ksm, ksm); + blk_ksm_destroy(ksm); + } +} + +static void dm_destroy_inline_encryption(struct mapped_device *md) +{ + if (!md->queue->ksm) + return; + blk_ksm_destroy(md->queue->ksm); + blk_ksm_unregister(md->queue); +} + +#else /* CONFIG_BLK_INLINE_ENCRYPTION */ + +static inline struct blk_keyslot_manager * +dm_init_inline_encryption(struct mapped_device *md, struct dm_table *t) +{ + return NULL; +} + +static void dm_update_keyslot_manager(struct mapped_device *md, + struct blk_keyslot_manager *ksm) +{ +} + +static inline void dm_destroy_inline_encryption(struct mapped_device *md) +{ +} + +#endif /* !CONFIG_BLK_INLINE_ENCRYPTION */ + /* * Returns old map, which caller must destroy. */ @@ -1959,6 +2164,7 @@ static struct dm_table *__bind(struct mapped_device *md, struct dm_table *t, struct request_queue *q = md->queue; bool request_based = dm_table_request_based(t); sector_t size; + struct blk_keyslot_manager *ksm; int ret; lockdep_assert_held(&md->suspend_lock); @@ -1994,12 +2200,21 @@ static struct dm_table *__bind(struct mapped_device *md, struct dm_table *t, md->immutable_target = dm_table_get_immutable_target(t); } + ksm = dm_init_inline_encryption(md, t); + if (IS_ERR(ksm)) { + old_map = ERR_PTR(PTR_ERR(ksm)); + goto out; + } + ret = __bind_mempools(md, t); if (ret) { + blk_ksm_destroy(ksm); old_map = ERR_PTR(ret); goto out; } + dm_update_keyslot_manager(md, ksm); + old_map = rcu_dereference_protected(md->map, lockdep_is_held(&md->suspend_lock)); rcu_assign_pointer(md->map, (void *)t); md->immutable_target_type = dm_table_get_immutable_target_type(t); diff --git a/drivers/md/dm.h b/drivers/md/dm.h index fffe1e289c53..eaf92e4cbe70 100644 --- a/drivers/md/dm.h +++ b/drivers/md/dm.h @@ -208,4 +208,23 @@ void dm_free_md_mempools(struct dm_md_mempools *pools); */ unsigned dm_get_reserved_bio_based_ios(void); +/* + * Inline Encryption + */ +struct blk_keyslot_manager; + +#ifdef CONFIG_BLK_INLINE_ENCRYPTION + +int dm_verify_inline_encryption(struct mapped_device *md, struct dm_table *t); + +#else /* !CONFIG_BLK_INLINE_ENCRYPTION */ + +static inline int dm_verify_inline_encryption(struct mapped_device *md, + struct dm_table *t) +{ + return 0; +} + +#endif /* !CONFIG_BLK_INLINE_ENCRYPTION */ + #endif diff --git a/include/linux/device-mapper.h b/include/linux/device-mapper.h index 61a66fb8ebb3..6d05a6a8a129 100644 --- a/include/linux/device-mapper.h +++ b/include/linux/device-mapper.h @@ -325,6 +325,12 @@ struct dm_target { * whether or not its underlying devices have support. */ bool discards_supported:1; + + /* + * Set if inline crypto capabilities from this target's underlying + * device(s) can be exposed via the device-mapper device. + */ + bool may_passthrough_inline_crypto:1; }; void *dm_per_bio_data(struct bio *bio, size_t data_size); diff --git a/include/linux/keyslot-manager.h b/include/linux/keyslot-manager.h index 37f1022b256f..4047f8cec01a 100644 --- a/include/linux/keyslot-manager.h +++ b/include/linux/keyslot-manager.h @@ -11,6 +11,8 @@ struct blk_keyslot_manager; +#ifdef CONFIG_BLK_INLINE_ENCRYPTION + /** * struct blk_ksm_ll_ops - functions to manage keyslots in hardware * @keyslot_program: Program the specified key into the specified slot in the @@ -106,6 +108,21 @@ void blk_ksm_reprogram_all_keys(struct blk_keyslot_manager *ksm); void blk_ksm_destroy(struct blk_keyslot_manager *ksm); +void blk_ksm_intersect_modes(struct blk_keyslot_manager *parent, + const struct blk_keyslot_manager *child); + void blk_ksm_init_passthrough(struct blk_keyslot_manager *ksm); +bool blk_ksm_is_superset(struct blk_keyslot_manager *ksm_superset, + struct blk_keyslot_manager *ksm_subset); + +void blk_ksm_update_capabilities(struct blk_keyslot_manager *target_ksm, + struct blk_keyslot_manager *reference_ksm); + +#else /* CONFIG_BLK_INLINE_ENCRYPTION */ + +static inline void blk_ksm_destroy(struct blk_keyslot_manager *ksm) { } + +#endif /* CONFIG_BLK_INLINE_ENCRYPTION */ + #endif /* __LINUX_KEYSLOT_MANAGER_H */ From patchwork Thu Oct 15 21:46:32 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Satya Tangirala X-Patchwork-Id: 11840219 Return-Path: Received: from mail.kernel.org (pdx-korg-mail-1.web.codeaurora.org [172.30.200.123]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 012DF17CA for ; Thu, 15 Oct 2020 21:47:06 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id CC7E42076E for ; Thu, 15 Oct 2020 21:47:05 +0000 (UTC) Authentication-Results: mail.kernel.org; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b="vC3eeJ6A" Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1731568AbgJOVq7 (ORCPT ); Thu, 15 Oct 2020 17:46:59 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:40336 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1731532AbgJOVqq (ORCPT ); Thu, 15 Oct 2020 17:46:46 -0400 Received: from mail-qt1-x849.google.com (mail-qt1-x849.google.com [IPv6:2607:f8b0:4864:20::849]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id A382DC0613D3 for ; Thu, 15 Oct 2020 14:46:46 -0700 (PDT) Received: by mail-qt1-x849.google.com with SMTP id x42so159252qta.13 for ; Thu, 15 Oct 2020 14:46:46 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20161025; h=sender:date:in-reply-to:message-id:mime-version:references:subject :from:to:cc; bh=jJ0XSGNBD3tY7euVB543fHYlpP3eBszAe3/uk5F5Rds=; b=vC3eeJ6AWKOK6CgMzXd0FxGlRUk8myAzlN+70++340FYOMYD15ktWn91DBrYrWR47c jFA+Mx2y1wdC7z7njaKJYotyVpJFBfEi+nhsDxqAmfSduj1NT0+zRFdNwy9e9toc+a53 NJf02KjD+XK/Y9RUvU4YlofHQOHM7sjLb/D2JZOAeMyZCfBgMo4PBB923Ff+cqQ5QNlH sfa5nZTJBkXVAyFUF484hZemQyPmym8Cd7g4aDAnTqA10dEpyLim6nt2Z6wcu2sjtTXE ccSjY2r4S+2LUylMM+L5ZFdT1Qpar5gD1MraOicAQkB6m/eRUxx33mnCLx+qOq4uCB5v CAwA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:sender:date:in-reply-to:message-id:mime-version :references:subject:from:to:cc; bh=jJ0XSGNBD3tY7euVB543fHYlpP3eBszAe3/uk5F5Rds=; b=JVreYujUM1lBRwQU0DywfpCDXnxlUjxjFj2v/wzyzWu9SRxlFkwD3WlFvwbsGPWR28 wbUUtYlDlCZwaZwlAi5nj+NJxvUs3EoEALLpI1aJHMn2/7024docxbsaAYTDSmV5rXFT a2fKPdySz0zdOD2jcyCj28z3cC3Vm0c0Kd8HiLDVs3BmKSuSlJZX4PCL3vGwl1rDzcE9 lTUFUjYeSfhiymwdD+W+uFexqtywoXSZ42n4N/45aCv3xwLmvyzkgEdNgBDQWnTlk4ZT VXwJ79326nGDUaUZKkm2fv5l9VbQpOn/JIbA1LCHRmany7iRXPuMISAd7zTxFfQojtRy 5wzA== X-Gm-Message-State: AOAM533F4WzliblHSMrS7BWVey1vnYa22q6w/1n5HDmFC1QRUEEae4R+ cQR6pOA4RPZurGmm32Zcw5bKk+5aVw54mDxTeoReS8dvskYVQ13XIB6rt6Cv+PlycoF0C7t4pG3 W+vdrLs5q17X5t1iD3xhoABIgeyFf9nJctfPX3pI3BxriVag7cUd99D+tw2fSlzMQLC4c X-Google-Smtp-Source: ABdhPJy/gKbvbPaKedo5PE3S0DBqu189VWoYKJIviBQq1cp6yrPskRaTZNVZkmirHKdPnYKENw3tPx1dOJs= Sender: "satyat via sendgmr" X-Received: from satyaprateek.c.googlers.com ([fda3:e722:ac3:10:24:72f4:c0a8:1092]) (user=satyat job=sendgmr) by 2002:a05:6214:14b4:: with SMTP id bo20mr957599qvb.24.1602798405757; Thu, 15 Oct 2020 14:46:45 -0700 (PDT) Date: Thu, 15 Oct 2020 21:46:32 +0000 In-Reply-To: <20201015214632.41951-1-satyat@google.com> Message-Id: <20201015214632.41951-5-satyat@google.com> Mime-Version: 1.0 References: <20201015214632.41951-1-satyat@google.com> X-Mailer: git-send-email 2.29.0.rc1.297.gfa9743e501-goog Subject: [PATCH v2 4/4] dm: enable may_passthrough_inline_crypto on some targets From: Satya Tangirala To: linux-block@vger.kernel.org, linux-kernel@vger.kernel.org, dm-devel@redhat.com Cc: Jens Axboe , Alasdair Kergon , Mike Snitzer , Eric Biggers , Satya Tangirala Precedence: bulk List-ID: X-Mailing-List: linux-block@vger.kernel.org dm-linear and dm-flakey obviously can pass through inline crypto support. Co-developed-by: Eric Biggers Signed-off-by: Eric Biggers Signed-off-by: Satya Tangirala --- drivers/md/dm-flakey.c | 1 + drivers/md/dm-linear.c | 1 + 2 files changed, 2 insertions(+) diff --git a/drivers/md/dm-flakey.c b/drivers/md/dm-flakey.c index a2cc9e45cbba..655286dacc35 100644 --- a/drivers/md/dm-flakey.c +++ b/drivers/md/dm-flakey.c @@ -253,6 +253,7 @@ static int flakey_ctr(struct dm_target *ti, unsigned int argc, char **argv) ti->num_discard_bios = 1; ti->per_io_data_size = sizeof(struct per_bio_data); ti->private = fc; + ti->may_passthrough_inline_crypto = true; return 0; bad: diff --git a/drivers/md/dm-linear.c b/drivers/md/dm-linear.c index 00774b5d7668..345e22b9be5d 100644 --- a/drivers/md/dm-linear.c +++ b/drivers/md/dm-linear.c @@ -62,6 +62,7 @@ static int linear_ctr(struct dm_target *ti, unsigned int argc, char **argv) ti->num_secure_erase_bios = 1; ti->num_write_same_bios = 1; ti->num_write_zeroes_bios = 1; + ti->may_passthrough_inline_crypto = true; ti->private = lc; return 0;